[Asterisk-Users] (newby) Asterisk on the open internet & security

[Cosmin Prund]

Hello everyone. I'm again bothering you with a bit of a problem, hopefully
not really a problem. I just need someone to tell me this is ok :-)

I'm planning on having two * machines on the open internet (ie: not behind a
NAT) and having them talk to each other using IAX2. I can handle all the
fire walling requirements in this case easy because at least one of the *'s
has a fixed address and I'll be able to filter traffic on IP.

It's all fine and safe so far. But then it hit me: I'll also want to "log
on" to my business's PBX from home, in order to gain access to some of its
low-rate gateways! That will not work if my office * filters on IP! Nor
would I be able to use a soft SIP phone on my laptop when I'm not at the
office!

So my question:

Is Asterisk's built-in security enough? If ALL my sip peers have propper
usernames and secrets set up and my box has only the required ports open, is
it safe to run Asterisk on the open internet? Does anyone run Asterisk like
that?

I can allmost answer my own question: "You may safely run Asterisk like that
- there are lots of VoIP services providing PSTN termination that way" but,
being new to all this stuff, I'll stay on the safe side and ask.

Thanks.